Importing SSL Certificate into Firefox using GPO

You ask how to copy the certs8.db, right? We did this, can give you a small script in a few hours when I have access to it.

McKnife,

Thank you for responding, I appreciate it. Yes, I need to distribute the Cert8.db to all the computers on the domain so that users will not get the certificate error message when they try to access a secure site.

am I approaching this the correct way? My end goal is to have the Firefox browser trusting my local CA SSL cert for all the users that uses the machine. IE and Chrome works ok but Firefox uses its own cert DB.

Thanks

should have been:

for /f "tokens=1,2 delims=/" %%a in ('findstr Path %appdata%\Mozilla\Firefox\profiles.ini') do copy \\server\share\cert8.db %appdata%\Mozilla\Firefox\profiles\%%b\cert8.db /y

Select allOpen in new window

Thank you for the code. How do I run this code. Do I copy it and make a batch file?

Correct. Or place that line in your domain logon script.

OK, Awesome, I will try this now.

Quick question, will this delete the users favorites that they currently have in Firefox?

Thanks

No, just copy and eventually replace this one file.

Thank you again....  The script is working great.

I noticed that there are some Windows XP and Windows 8.1 client machines.

How would I modify this script to accommodate these machines?

Thanks

No need for action.

I do not understand ?/??

Runs on xp/vista/7/8/10 - all the same, no need to adjust anything.

Awesome. I noticed that the path for the XP machines is different..... My Documents\etc.

Should I run this as a user policy or a machine policy?

What is your recommendations?

Thank you again for your help with this item.

Has to run as a user policy, put this code line into the logon script inside that policy.

OK, just wanted to verify.

I am sorry for the delaying in getting back to you. I am having an issue with my Windows XP machine, X86 (In the process of replacing them).

I deployed the script and it works great for the Windows 7 machines but it does not work for the XP machines.

I will test this on the Windows 8/8.1 machines to make this working.

Any thoughts on the Windows XP machines?

Thanks.

Execute this code on a command line on xp and quote the error:

for /f "tokens=1,2 delims=/" %a in ('findstr Path %appdata%\Mozilla\Firefox\profiles.ini') do copy \\server\share\cert8.db %appdata%\Mozilla\Firefox\profiles\%b\cert8.db /y

[same code as before, just modified for the command line]

OK! doing this now, thanks.

I am getting the following message.

X:\>for /f "tokens=1,2 delims=/" %a in ('findstr Path %appdata%\Mozilla\Firefox\
profiles.ini') do copy \\server\share\\cert8.db %ap
pdata%\Mozilla\Firefox\profiles\%b\cert8.db /y
FINDSTR: Cannot open C:\Documents
FINDSTR: Cannot open and
FINDSTR: Cannot open Settings\User_Name\Application
FINDSTR: Cannot open Data\Mozilla\Firefox\profiles.ini

The user account that is running this script has admin access on this machine.

Please see the path for the cert8 db on this XP Machine:

C:\Documents and Settings\User_Name\Application Data\Mozilla\Firefox\Profiles\cw83xe5i.default


Thanks

Ok, my bad. The error: That path needs to be enclosed in "".
Make it "%appdata%\...profiles.ini"

Is the following correct?


for /f "tokens=1,2 delims=/" %%a in (findstr Path "%appdata%\Mozilla\Firefox\profiles.ini") do copy \\server\share\cert8.db %appdata%\Mozilla\Firefox\profiles\%%b\cert8.db /y

Not quite,you missed the 2 '

for /f "tokens=1,2 delims=/" %%a in ('findstr Path "%appdata%\Mozilla\Firefox\profiles.ini"') do copy \\server\share\cert8.db %appdata%\Mozilla\Firefox\profiles\%%b\cert8.db /y 

Select allOpen in new window

McKnife,

I am sorry for the delay on this item. I assigned this to my sys admin and the ball got dropped.

I will test the above code and respond to you.

I appreciate your patience with this item.

I've requested that this question be deleted for the following reason:

Not enough information to confirm an answer.

McKnife,

Thank you for your help this this issue, I am sorry for the delay in updating this item.